The connection is always RPC. The connection distinction is between RPC over TCP )internal) or RPC over HTTP (external). Your internal connections should generally be RPC/TCP and the external using RPC/HTTP. I've seen people use RPCoHTTP internally as well just to simplify user configurations, but this choice actually doubles the TCP connections required for the same number of RPC connections. JimmyJoeBob Alooba Office 2007 on Win7 Beta From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Thursday, February 05, 2009 12:49 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Problem Connecting to Outlook Anywhere Hello all- Obviously, it's taken me a while to work some more on this. But I have. The first thing I tried was connecting Outlook over RPC internally (that is, not through the firewall, just on the LAN). I configured the Outlook client and then looked at its connection status. What I found is that I'm getting RPC connection to the Exchange server, but the connection to the DC is over TCP/IP. Is that the root of why I can't connect over RPC externally? And what would cause the DC communication to be over TCP/IP? Is there something I need to configure on my DCs? Thanks, Rob From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, January 13, 2009 10:23 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Problem Connecting to Outlook Anywhere Those log entries are pretty much normal for successful OA connections, so they won't help anyway. Have a read in my blog series on troubleshooting RPC/HTTP - this isn't as simple as browser-based email. http://blogs.technet.com/isablog/archive/2007/08/13/testing-rpc-over-http-through-isa-server-2006-part-1-protocols-authentication-and-processing.aspx http://blogs.technet.com/isablog/archive/2007/08/13/testing-rpc-over-http-through-isa-server-2006-part-2-test-tools-and-strategies.aspx http://blogs.technet.com/isablog/archive/2007/08/13/testing-rpc-over-http-through-isa-server-2006-part-3-common-failures-and-resolutions.aspx Make sure you install the CA cert in the local coputer trusted roots store; just dbl-clicking and following the import ewirdzard will NOT accomplish that requirement. Jim ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore [RMoore@xxxxxxxx] Sent: Tuesday, January 13, 2009 7:13 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Problem Connecting to Outlook Anywhere Thanks for your input, Jim. Sorry for the delay. I just went through the procedure to install the cert on the client machine. (For what it's worth, the cert is commercial.) Unfortunately it didn't make any difference. I'm still not getting through with Outlook Anywhere, and I'm still getting the same error messages on ISA. Any other thoughts anyone? Thanks, Rob From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Monday, January 12, 2009 1:45 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Problem Connecting to Outlook Anywhere The OA client MUST trust the CA that issued the certificate you apply to the ISA web listener that services Exch webmail. It doesn't matter if you got the cert from Bob's House of Cheep Certs or FSM himself. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Monday, January 12, 2009 8:33 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Problem Connecting to Outlook Anywhere Hello all- Using ISA 2006 SP1 Standard. I've been slowly implementing Exchange 2007. For all the ISA-related stuff I've been following Dr. Tom's series of articles. Everything is good so far except I haven't been able to get Outlook Anywhere to go. I followed Part 6 of the series to publish the RPC/HTTP site. Following Part 7 of the series, Tom says "if the machine connecting to the RPC/HTTP site is not a domain member, or if you have not installed an enterprise CA, then you will have to add the certificate manually." The machine I'm testing with is NOT a domain member, but we DO have an enterprise CA. So I did not install the CA certificate on the client. (If that's the root of the problem, let me know.) I'm testing from a Windows XP machine that is outside our network (though it is connected to the same router). Since I didn't export and install a certificate, I skipped up to the section on editing the HOSTS file. I didn't modify the HOSTS file, because our mail server has a public IP address (209.120.230.100) that the client knows about through public DNS. Our Client Access Server has a different public address (209.120.230.118) that the client also knows about through public DNS. When I get to the "Microsoft Exchange Settings" page, in the Microsoft Exchange server field I put in "mail.afsc.org" (the public name of our mail server), and in the User Name field I put in my user name (rmoore). When I click the "More Settings" button, it thinks for a second, then fills in underlines the private name of our Exch2007 server (Delta2.afsc.local) and fills in and underlines my name. I then go through the rest of the configuration and all seems OK. But, when I try to open Outlook, it prompts me repeatedly for my password, which never works. When I look at my ISA server to see what errors I'm getting, I first get an Action of "Initiated Connection" with the Result Code of "0x0 ERROR_SUCCESS". That's followed immediately by an Action of "Closed Connection" with the Result Code of "0x80074e21 FWX_E_ABORTIVE_SHUTDOWN". For both of those log entries, the Destination IP is 209.120.230.118 (our Client Access Server). Googling that second Result Code didn't help much, and I've searched through the forums at isaserver.org, not finding what I need. Where have I gone wrong? Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Help Desk: 800-500-AFSC